• Title/Summary/Keyword: information weakness

Evaluation of Static Analyzers for Weakness in C/C++ Programs using Juliet and STONESOUP Test Suites

  • Seo, Hyunji;Park, Young-gwan;Kim, Taehwan;Han, Kyungsook;Pyo, Changwoo
    • Journal of the Korea Society of Computer and Information / v.22 no.3 / pp.17-25 / 2017
  • In this paper, we compared four analyzers, Clang, CppCheck, Compass, and a commercial one from a domestic startup, using NIST's Juliet test suite and the recently introduced STONESOUP. Tools showed detection efficacy in the order of Clang, CppCheck, the domestic one, and Compass under Juliet tests; and Clang, the domestic one, Compass, and CppCheck under STONESOUP tests. We expect it would be desirable to utilize symbolic execution for vulnerability analysis in the future. On the other hand, the results of the tool evaluation also testify that Juliet and STONESOUP, as benchmarks for static analysis tools, can reveal differences among tools. Finally, each analyzer has different CWEs for which it can detect all given test programs. This result can be used for selection of proper tools with respect to specific CWEs.

Crash Discrimination Algorithm with Two Crash Severity Levels Based on Seat-belt Status (안전띠 착용 유무에 근거한 두 단계의 충돌 가혹도 수준을 갖는 충돌 판별 알고리즘)

  • 박서욱;이재협
    • Transactions of the Korean Society of Automotive Engineers / v.11 no.2 / pp.148-156 / 2003
  • Many car manufacturers have frequently adopted an aggressive inflator and a lower threshold speed for airbag deployment in order to meet an injury requirement for an unbelted occupant in high-speed crash tests. Consequently, today's occupant safety restraint system has a weakness due to airbag-induced injury in low-speed crash events. This paper proposes a new crash algorithm to improve the weakness by suppressing airbag deployment in a low-speed crash event under the belted condition. The proposed algorithm consists of two major blocks: a crash severity algorithm and a deployment logic block. The first block decides crash severity with two levels by means of velocity and crash energy calculation from the acceleration signal. The second block, implemented by simple AND/OR logic, combines the crash severity level and seat belt status information to generate firing commands for the airbag and belt pretensioner. Furthermore, it can be extended to adopt additional sensor information from a passenger presence detection sensor and a safing sensor. A simulation using real crash data for a 1,800cc passenger vehicle has been conducted to verify the performance of the proposed algorithm.

Similar Image Retrieval using Color Histogram and Edge Histogram Descriptor (컬러 히스토그램과 에지 히스토그램 디스크립터를 이용한 영상 검색 기법)

  • Jo, Min-Hyuk;Lee, Sang-Geol;Cha, Eui-Young
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2013.10a / pp.332-335 / 2013
  • In this paper, we propose an image retrieval method using an EHD (Edge Histogram Descriptor) of MPEG-7 and the color histogram. The EHD algorithm can be used to collect the gradient of edge distribution and to find a similar image. However, if you only search the edge gradient without considering the image color, the color shows a weakness. In order to overcome this problem, we use the color histogram and extract the feature to determine whether an image is similar. The proposed method shows that the weakness of existing EHD can be overcome by using the color histogram.

Smart Card Based Password Authentication Scheme using Fuzzy Extraction Technology (퍼지추출 기술을 활용한 스마트 카드 기반 패스워드 인증 스킴)

  • Choi, Younsung
    • Journal of Korea Society of Digital Industry and Information Management / v.14 no.4 / pp.125-134 / 2018
  • Lamport first suggested a password-based authentication scheme, and since then similar authentication schemes have been studied. Due to the development of Internet network technology, remote user authentication using smart cards has been studied. Li et al. analyzed the authentication scheme of Chen et al. and found security weaknesses in Chen et al.'s scheme, such as forward secrecy and the wrong password login problem, and proposed a new smart card based user password authentication scheme. But Liu et al. found that Li et al.'s scheme still had security problems, such as an insider attack and a man-in-the-middle attack, and then Liu et al. proposed an efficient and secure smart card based password authentication scheme. This paper analyzed Liu et al.'s authentication and found that it has security weaknesses such as no perfect forward secrecy, off-line password guessing attack, smart-card loss attack, and no anonymity. This paper then proposed a security-enhanced, efficient smart card based password authentication scheme using fuzzy extraction technology.

A UMTS Key Agreement Protocol Providing Privacy and Perfect Forward Secrecy (프라이버시와 완전한 전방향 안전성을 제공하는 UMTS 키 동의 프로토콜)

  • Kim, Dae-Young;Cui, Yong-Gang;Kim, Sana-Jin;Oh, Hee-Kuck
    • Journal of the Korea Institute of Information Security & Cryptology / v.17 no.3 / pp.81-90 / 2007
  • In UMTS (Universal Mobile Telecommunication System), which is one of the 3G mobile communication standards, the protocol called UMTS AKA (Authentication and Key Agreement) is used to authenticate mobile stations. However, the UMTS AKA protocol has some weaknesses, including network bandwidth consumption between an SN (Serving Network) and an HN (Home Network) and SQN (SeQuence Number) synchronization. In this paper, we propose a new improved protocol for UMTS that overcomes the UMTS AKA weaknesses. Our protocol solves the privacy problem caused by disclosure of the IMSI (International Mobile Subscriber Identity) and provides perfect forward secrecy using ECDH (Elliptic Curve Diffie Hellman).

DABC: A dynamic ARX-based lightweight block cipher with high diffusion

  • Wen, Chen;Lang, Li;Ying, Guo
    • KSII Transactions on Internet and Information Systems (TIIS) / v.17 no.1 / pp.165-184 / 2023
  • The ARX-based lightweight block cipher is widely used in resource-constrained IoT devices due to fast and simple operation of software and hardware platforms. However, there are three weaknesses to ARX-based lightweight block ciphers. Firstly, only half of the data can be changed in one round. Secondly, traditional ARX-based lightweight block ciphers are static structures, which provide limited security. Thirdly, it has poor diffusion when the initial plaintext and key are all 0 or all 1. This paper proposes a new dynamic ARX-based lightweight block cipher to overcome these weaknesses, called DABC. DABC can change all data in one round, which overcomes the first weakness. This paper combines the key and the generalized two-dimensional cat map to construct a dynamic permutation layer P1, which improves the uncertainty between different rounds of DABC. The non-linear component of the round function alternately uses NAND gate and AND gate to increase the complexity of the attack, which overcomes the third weakness. Meanwhile, this paper proposes the round-based architecture of DABC and conducted ASIC and FPGA implementation. The hardware results show that DABC has less hardware resource and high throughput. Finally, the safety evaluation results show that DABC has a good avalanche effect and security.

An Application of Information Technology to the Revolution of Military Affairs (정보기술을 활용한 군사혁신 방안에 관한 연구)

  • 강신철;최성필
    • Journal of Information Technology Application / v.2 no.1 / pp.83-111 / 2000
  • To preserve competitiveness in the rapidly changing world military market and to adapt themselves to newly developed warfare, many developed countries have been readjusting their military organizations and technical procedures. In the private sector, business reengineering and other innovative efforts were made to respond to this change, using structural approaches. In the military sector, the United States is the one leading this move. She has been trying to reorganize her military structure to hold her hegemony in world politics for the coming 21st century. The purpose of this paper is (1) to analyze the information technology on the military revolution, (2) to deduce what to be changed, and (3) to infer how to change. The comparison between Korea and the U.S. in terms of the real military situation was made to analyze these three research questions. The study was based on the structural contingency theory, one of the environmental analysis models, being introduced to explore the Revolution in Military Affairs (RMA) case in the United States and Korea. The conclusion may be summarized as follows: First, the information-based society, which is characterized by the development of information technology and environmental complexity and weakness in security affairs, will affect military factors such as the issue of holding information superiority, changing warfare in proportion to military-scientific development, and weakness in military security. This trend will be more deep-rooted and multiple in its influence on military affairs.

Study on Weak Children Information Collection Using Personal Health Record (PHR) (개인건강기록 (PHR)을 이용한 허약아 정보 수집 연구)

  • Lee, Seungho;Kim, Anna;Jang, Hyunchul;Jeong, Minjeong
    • The Journal of Pediatrics of Korean Medicine / v.31 no.3 / pp.46-63 / 2017
  • Objectives: The Korean Medicine (KM) PHR platform is a personalized healthcare service which allows individuals to keep and manage their own health records. When parents are reporting for their children from their memories, there is a high possibility of recall errors. In these cases, it could be useful for doctors to collect the patient's symptoms through the PHR platform. In this study, we aimed to investigate the clinical significance of the PHR by using the KM PHR platform in the pediatric clinic. Methods: The PHR platform was used to collect child health information from parents and child care teachers. The collected data were analyzed in comparison with the results of screening by a pediatrician. Results: A total of 58 children were recruited, for 44 of whom health information was collected from their parents and their child care teachers. The remaining 14 children's health information was collected from their parents only. As a result, the parents tended to perceive their children as weaker than the child care teachers did. Compared to other organs, there was only a significant difference in the heart weakness score and spleen weakness score in the comparison of the weak and healthy children. Conclusions: Although the study was conducted on a small group of subjects, used a PHR platform developed specifically for adults to indirectly input the child's symptoms, and analyzed their health information, there was a difference in health records between information providers. Development of a PHR platform for children is needed to collect more reliable information.

Comparison of CityGML and IndoorGML -A Use-Case Study on Indoor Spatial Information Construction at Real Sites- (CityGML과 IndoorGML의 비교 -실내공간정보 구축 사례 고찰-)

  • Li, Ki-Joune;Kim, Tae-Hoon;Ryu, Hyung-Gyu;Kang, Hae-Kyong
    • Spatial Information Research / v.23 no.4 / pp.91-101 / 2015
  • Due to the recent increase in indoor spatial information demands, several international standards have been published for indoor spatial information. OGC has also recently published two standards for indoor space: CityGML and IndoorGML. CityGML aims to provide a standard for 3D city modeling, and its level of detail (LoD) 4 covers the indoor space. IndoorGML focuses only on indoor space and provides several functions to complement the weakness of CityGML. It is therefore recommended to apply IndoorGML in combination with CityGML. However, since the weaknesses and strengths of these standards are not yet fully studied and understood, there is no well-defined guideline to apply them in a proper way. It means that we need to carry out a comparative study between them for their proper integration. For this reason, we discuss the pros and cons of these standards from two use-cases. The sites for the use-cases cover Lotte World Mall and Jongno-5 subway station, respectively. We studied these use-cases to compare CityGML and IndoorGML through the data construction of CityGML and IndoorGML for these sites. And based on several application scenarios, we also analyzed the weaknesses and strengths of each standard from different viewpoints. We expect that these comparative studies will be helpful to make a guideline on the application and integration between CityGML and CityGML.

A Software Vulnerability Analysis System using Learning for Source Code Weakness History (소스코드의 취약점 이력 학습을 이용한 소프트웨어 보안 취약점 분석 시스템)

  • Lee, Kwang-Hyoung;Park, Jae-Pyo
    • Journal of the Korea Academia-Industrial cooperation Society / v.18 no.11 / pp.46-52 / 2017
  • Along with the expansion of areas in which ICT and Internet of Things (IoT) devices are utilized, open source software has recently expanded its scope of applications to include computers, smart phones, and IoT devices. Hence, as the scope of open source software applications has varied, there have been increasing malicious attempts to attack the weaknesses of open source software. In order to address this issue, various secure coding programs have been developed. Nevertheless, numerous vulnerabilities are still left unhandled. This paper provides some methods to handle newly raised weaknesses based on the analysis of histories and patterns of previous open source vulnerabilities. Through this study, we have designed a weaknesses analysis system that utilizes weakness histories and pattern learning, and we tested the performance of the system by implementing a prototype model. For five vulnerability categories, the average vulnerability detection time was shortened by about 1.61 sec, and the average detection accuracy was improved by 44%. This paper can provide help for researchers studying the areas of weaknesses analysis and for developers utilizing secure coding for weaknesses analysis.